[Veritas-bu] Firewall Questions

2005-04-15 10:25:12
Subject: [Veritas-bu] Firewall Questions
From: Philip.Weber AT egg DOT com (Weber, Philip)
Date: Fri, 15 Apr 2005 15:25:12 +0100
Thanks.

1.  New firewall change raised and argument with IT Security pending...
2.  For PC Java GUI, NBJAVA_CONNECT_OPTION=1 under {veritas
install}\java\{master}.vrtsnbuj seems to do the trick ... another
firewall change pending to open access to master server ports 13722,
13723 and 13724 (sigh).

-----Original Message-----
From: veritas-bu-admin AT mailman.eng.auburn DOT edu
[mailto:veritas-bu-admin AT mailman.eng.auburn DOT edu] On Behalf Of Paul
Keating
Sent: 14 April 2005 19:41
To: veritas-bu AT mailman.eng.auburn DOT edu
Subject: RE: [Veritas-bu] Firewall Questions




> -----Original Message-----
> From: veritas-bu-admin AT mailman.eng.auburn DOT edu 
> [mailto:veritas-bu-admin AT mailman.eng.auburn DOT edu] On Behalf Of 
> Weber, Philip
> Sent: April 14, 2005 10:33 AM
> To: veritas-bu AT mailman.eng.auburn DOT edu
> Subject: [Veritas-bu] Firewall Questions
> 
> As I am getting return code 58 I
> guess this is not enough, and that the clients have to be able to
> initiate some communications with the master/media, even for scheduled
> backups.  Can anyone confirm/deny?
> 
> I have opened
> master/media --> client on 13782, 13720, 13724.


Master server needs to be able to reach client via 13782.
Client needs to be able to initiate connection back to the Master on
13724.

Netbackup doesn't use "sessions".
The master tells the client it is ready for the backup (port 13782).
The client then initiates its own connection back to the master on
13724.

Yeah, it sucks.

One option I've thought of, but haven't tried, is to have a script that
starts an ssh connection to the client before the backup starts, then
tear it down after the backup completes.....the tunnel would stay up for
the client to request its connection back to the master server, without
leaving holes in your firewall.


> 
> 2.  I have a separate 5.1MP2 environment to which I would like to be
> able to connect using the Java GUI from my PC.  The master server is
> behind a firewall relative to my PC.  I get a login box, but then get
> the error "Unable to login, status: 506.  Can not connect to the
> NB-Java service on <master> on port 1347...", where the port number
> changes on each attempt.  Is it possible to limit this to a small set
> of ports?

Change "NBJAVA_CONNECT_OPTION=0" to "NBJAVA_CONNECT_OPTION=1" in
/usr/openv/java/nbj.conf and it should use 13724, IIRC.

Paul

_______________________________________________
Veritas-bu maillist  -  Veritas-bu AT mailman.eng.auburn DOT edu
http://mailman.eng.auburn.edu/mailman/listinfo/veritas-bu
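
Added example (not part of the original thread): a small Python check of the flows described in the messages above against a firewall allow list, showing why rules written only in the master-to-client direction leave the client-initiated connection on 13724 blocked. The zone names and the `Flow` structure are assumptions for illustration; the port numbers are the ones named in the messages.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Flow:
    src: str   # side that initiates the TCP connection
    dst: str   # side that accepts it
    port: int  # destination TCP port

# Flows as described in the thread; the zone names are hypothetical labels.
REQUIRED = {
    "backup": [
        Flow("master", "client", 13782),  # master tells the client a backup is ready
        Flow("client", "master", 13724),  # client opens its own connection back
    ],
    # Java GUI with NBJAVA_CONNECT_OPTION=1, per the first message
    "java_gui": [Flow("gui_pc", "master", p) for p in (13722, 13723, 13724)],
}

def missing_flows(allowed, purpose):
    """Return the required flows for `purpose` that no allow rule covers.

    Rules match on the initiating side, so an allow rule for
    master -> client:13724 does not cover client -> master:13724.
    """
    permitted = set(allowed)
    return [f for f in REQUIRED[purpose] if f not in permitted]

def report(allowed, purpose):
    gaps = missing_flows(allowed, purpose)
    if not gaps:
        return f"{purpose}: all required flows permitted"
    lines = [f"{purpose}: blocked flows"]
    lines += [f"  {f.src} -> {f.dst} tcp/{f.port}" for f in gaps]
    return "\n".join(lines)

# Constructed sample: the rule set from the original question
# (master/media -> client on 13782, 13720, 13724).
ORIGINAL_RULES = [Flow("master", "client", p) for p in (13782, 13720, 13724)]
FIXED_RULES = ORIGINAL_RULES + [Flow("client", "master", 13724)]

if __name__ == "__main__":
    print(report(ORIGINAL_RULES, "backup"))
    print(report(FIXED_RULES, "backup"))
    print(report(FIXED_RULES, "java_gui"))
```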
